Data breach at DocuSign leads to massive phishing campaign

Mark Wycislik-Wilson

10 months ago

E-signature and security firm DocuSign has confirmed a data breach in which attackers gained access to a database containing customer email addresses. The company says that no other data was revealed in the security breach, but the breach led to a large phishing campaign.

Attackers used the stolen email addresses to spam people with emails containing an infected Microsoft Word document. The company insists that its core service remains secure, but with the breach coming in the wake of the WannaCry ransomware attack, people around the world are on high alert.

The phishing campaign uses DocuSign branding to fool recipients into opening a malicious attachment -- something DocuSign noticed and took action on. The company has increased security and is currently working with law enforcement agencies on the matter.

In a statement, the company says:

"As part of our ongoing investigation, today we confirmed that a malicious third party had gained temporary access to a separate, non-core system that allows us to communicate service-related announcements to users via email. A complete forensic analysis has confirmed that only email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data or other information was accessed. No content or any customer documents sent through DocuSign's eSignature system was accessed; and DocuSign's core eSignature service, envelopes and customer documents and data remain secure."

Anyone who receives a suspicious-looking email purporting to be from DocuSign is encouraged to forward it to spam@docusign.com and delete it from their inbox.